Hackers' new super weapon adds firepower to DDOS

Public-sector IT managers and hackers are always in a constant struggle, especially since government websites are so often the targets of malicious attacks. Now agencies have one more thing to worry about. The hackers have got themselves a High Orbit Ion Cannon -- actually, an unlimited number of the new weapons.

The name sounds a bit like something out of a “Star Wars” movie, but the High Orbit Ion Cannon (HOIC) is actually a very dangerous free-to-download, open-source program that can turn any user of any skill level into a powerful hacker, at least in terms of one form of attack, a distributed denial-of-service.

It was designed to be extremely easy to use. The user just types in the URL of the target, sets the HOIC to operate in supercharged or normal mode, and then “fires the laser.” The program sends traffic to that URL in an attempt to overload the site and bring it down. A 41-second YouTube video shows how quickly and effortlessly an attack can be launched.

The HOIC is actually an upgrade to an older program, the Low Orbit Ion Cannon, which had been a favored tool of Anonymous and other hacker groups. But the HOIC, which has been around for a little while and is gaining popularity among hackers this year, is much more powerful.

The HOIC is able to use custom scripts to target more than just a website’s home page. Instead of sending out a single pulse over and over, which is a visit to the site from a fake user, HOIC targets sub-pages. So these spawned, fake users try to visit the welcome page, the help pages, article pages and anything else a victim site has to offer. This tactic prevents some firewalls from recognizing that what is happening is an attack. Even if they do detect what’s happening, they will have trouble shutting them down because the “supercharged” version of the software is sending multiple fake users to multiple pages within a domain. It’s like trying to block shotgun pellets instead of a single bullet.

Agencies probably should be worried about the HOIC, since its laser will likely be targeted towards them at some point. But at least the new cannon isn’t all-powerful. Members of Anonymous, which has frequently attacked government websites and whose members have upgraded to HIOC, told Gizmodo that it still takes at least 50 people, each armed with a HOIC, working together to bring down a site. So a lone user won’t be able to do much against agencies on his own, other than raise traffic numbers.

Presumably, if 50 people were working together to bring down the FBI’s website, for example, they would eventually be tracked and targeted themselves, probably not just by software. But firewalls and other anti-DDOS software should probably be amended to better defend against this new threat.

Right now, the hackers and their HOIC seem to have the upper hand. But this ongoing struggle won’t be won or lost in a day or with a single program. Still, the new cannon is a serious threat that deserves attention before it wreaks havoc on the public-sector infrastructure.